<?php
define('IN_SCRIPT',1);
define('HESK_PATH','./');

/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/database.inc.php');

/* Connect to database */
hesk_dbConnect();

$email = $_POST['lg_email'];
$pass = md5($_POST['lg_pass']);
$pass1 = hesk_Pass2Hash($_POST['lg_pass']);

/*CHECK IF EXIST EMAIL*/
$sql = "SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."member` WHERE email='$email' AND password='$pass'";
$result = mysql_query($sql);
$jum = mysql_num_rows($result);
$data = mysql_fetch_array($result);

if ($jum>0){
    hesk_session_start();
    //session_register("usr_lgn");
    $_SESSION['id_member'] = $data['id_member'];
    $_SESSION['nama_depan'] = $data['nama_depan'];
    $_SESSION['nama_belakang'] = $data['nama_belakang'];
    //echo $_SESSION['id_member'];
    header("location: index.php");
} else {
    //Check Doctor or Administrator login
    $sql = "SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE email='$email' AND pass='$pass1'";
    $result = mysql_query($sql);
    $jum = mysql_num_rows($result);
    $res = hesk_dbFetchAssoc($result);
    if ($jum>0) {
        hesk_session_start();
	foreach ($res as $k=>$v)
	{
	    $_SESSION[$k]=$v;
	}
        if ($_SESSION['approval']=="1"){
            header("location: admin/index.php?a=front_login");
        } else {
            header("location: index.php?login=unapproved");
        }
    } else {
        header("location: index.php?login=fail");
    }
}
?>